
Network Security Exam Short Questions

The document discusses various types of IT security including network security, internet security, endpoint security, cloud security, and application security. It also discusses different types of data backup such as full backup, incremental backup, differential backup, and mirror backup. Finally, it defines and explains attacks, threats, phishing attacks, and MPLS. Network security aims to prevent unauthorized access to corporate networks through access control, firewalls, and other measures. Endpoint security provides protection at the device level through malware protection and device management software. Differential backup copies files changed since the original full backup, while mirror backup creates an exact copy of source data. A phishing attack tricks victims into revealing sensitive information through fraudulent emails or websites.

Uploaded by

Diom Shrestha

1. What is IT Security? Explain its types in brief.

Security means being free from any type of threat or harm, or simply showing resilience against
them. IT security therefore means protecting a computer system or a network of computers from
internal or external threats that may directly or indirectly harm the data and information as
well as the smooth functioning of the computer system and network.

In simple terms, it helps us deal with IT threats such as viruses, spyware, ransomware, etc.
that may directly or indirectly cause harm to the hardware, software, or electronic data, as well as
from the disruption or misdirection of the services provided by a computer system. The
types of IT security are as follows:

a) Network security:
Network security can be seen as the act of preventing and protecting against unauthorized
intrusion into corporate networks. It takes physical and software preventive measures to
protect the underlying networking infrastructure from unauthorized access, misuse,
malfunction, modification, destruction or improper disclosure, thereby creating a secure
platform for users and programs to perform their critical functions within a secure
environment. Network security includes the following features:
• Access control
• Data loss prevention
• Email security
• Application security
• Firewall
• Network segmentation
• VPN
• Web security, etc.
b) Internet Security:
Internet security involves the protection of information that is sent and received in
browsers, as well as network security involving web-based applications. It is focused on
the specific threats and vulnerabilities of online access and use of the internet. It helps to
monitor incoming internet traffic for malware as well as unwanted traffic. It also helps to
safeguard the user from threats such as hacking into the computer system, email
addresses, or websites. This protection may come in the form of firewalls, anti-malware
and anti-spyware.
c) Endpoint Security:
Endpoint security refers to endpoints, or end-user devices like desktops, laptops and
mobile devices. It prevents the device from accessing malicious networks that may be a
threat. Thus, this type of IT security provides protection at the device level. Advanced
malware protection (AMP) and device management software are examples of endpoint
security.
d) Cloud Security:
Cloud security is the protection of data stored online via cloud computing platforms from
theft, leakage, and deletion. It consists of a set of policies, controls, procedures and
technologies that work together to protect cloud-based systems, data, and infrastructure.
As cloud use grows, users tend to connect to the internet directly, and traditional IT
security cannot keep the data and information secure, which makes cloud security that
much more important. A cloud-access security broker
(CASB), secure Internet gateway (SIG), and cloud-based unified threat management
(UTM) can be used for cloud security.

e) Application Security:
Application security refers to the security measures taken at the application level to help
ensure applications are not vulnerable to attacks. These are the security measures taken at
the time of the development of an application, i.e. applications are specifically coded at the
time of their creation. This added layer of security involves evaluating the code of an app and
identifying the vulnerabilities that may exist within the software.

2. What is data backup? What are its types? Explain each in brief.

Data backup is the process of duplicating data to allow the retrieval of the duplicate set when the
original data is lost or in case of an event that causes data loss. There are many kinds of data
backup services that help enterprises organize and ensure that the data is secure and that critical
data is not lost in a natural disaster, theft situation, or any other kind of emergency. There are
four types of data backup, which are as follows:

1. Full backup:
Full backup is the process of copying everything that is considered delicate data and is
important for the organization or person, that must not be lost, and keeping it as a backup. This
type of backup is known as the first copy and is the most reliable copy, as it can normally be
made without any additional tools. It takes longer to perform and requires a lot of storage
space, hence it is typically used in combination with either a differential or incremental
backup.

2. Incremental backup:
The process of copying only the data that has been changed since the user's last backup
operation is called incremental backup. Here, a backup application records and keeps track
of the time and date of all the backup operations that occur. This type of backup process is
faster and requires less storage space.
3. Differential backup:
A differential backup has the same basic structure as an incremental backup, but all the files
created since the first original full backup are copied again.
4. Mirror backup:
A mirror backup is the exact copy of the source data. The advantage of mirror backup as
opposed to full, incremental, or differential backups is that we're not storing old, obsolete
files. When obsolete files are deleted, they disappear from the mirror backup as well when
the system backs up. The downside to mirror backup is that if files are accidentally deleted,
they can be lost from the backup as well if the deletion isn't discovered before the next
scheduled backup.
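
The four backup types compared on one small schedule, as an added example that is not part of the original document. The file names, days and helper names are constructed for illustration, and "differential" is taken here to mean every file changed or created since the full backup.

```python
# Constructed sample data: file name -> day it was last modified.
# A full backup ran at the end of day 0; later snapshots show the source afterwards.
FULL_DAY = 0
SNAPSHOTS = [
    (0, {"report.docx": 0, "budget.xlsx": 0, "old.log": 0}),
    (1, {"report.docx": 1, "budget.xlsx": 0, "old.log": 0}),
    (2, {"report.docx": 1, "budget.xlsx": 2, "old.log": 0, "notes.txt": 2}),
    (3, {"report.docx": 3, "budget.xlsx": 2, "notes.txt": 2}),  # old.log deleted
]


def changed_since(files, since_day):
    """Files modified or created after the given backup day."""
    return sorted(name for name, mday in files.items() if mday > since_day)


def plan(snapshots, full_day=FULL_DAY):
    """For each day after the full backup, list what each backup type copies."""
    rows, last_backup = [], full_day
    for day, files in snapshots:
        if day <= full_day:
            continue
        rows.append({
            "day": day,
            "full": sorted(files),                             # everything, every time
            "incremental": changed_since(files, last_backup),  # since the last backup run
            "differential": changed_since(files, full_day),    # since the original full backup
        })
        last_backup = day
    return rows


def files_copied(rows, kind):
    """Total number of file copies a backup type makes over the schedule."""
    return sum(len(row[kind]) for row in rows)


def mirror(files):
    """A mirror is an exact copy of the current source, so deletions carry over."""
    return set(files)


if __name__ == "__main__":
    rows = plan(SNAPSHOTS)
    for row in rows:
        print(row["day"], row["incremental"], row["differential"])
    for kind in ("full", "incremental", "differential"):
        print(kind, files_copied(rows, kind))
    print("old.log in day-0 full backup:", "old.log" in SNAPSHOTS[0][1])
    print("old.log in day-3 mirror:", "old.log" in mirror(SNAPSHOTS[3][1]))
```

The incremental runs copy the fewest files, the differential runs grow each day, and the file deleted on day 3 survives only in the day-0 full backup, not in the mirror.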

3. Explain each in brief:

a) Attack
The act of causing harm to people or property through force like assaulting a victim is
known as an attack. There can be various types of attack that may cause harm to people
or property or data and information as well like physical attack, verbal attack, emotional
attack, cyber-attack, etc.
In terms of IT security, an attack is an information security threat that involves an
attempt to obtain, alter, destroy, remove, implant or reveal information without
authorized access or permission.
b) Threat
A threat can be seen as an expression of intention to inflict evil, injury, or damage to
people, property, valuables or important documents and data. A threat can also be taken
as the possibility of an attack on an individual, property, data and information that can be
done at any given time. In computer security, a threat is a potential negative action or
event facilitated by a vulnerability that results in an unwanted impact to
a computer system or application.
c) Phishing Attack
A phishing attack is a type of social engineering attack often used to steal data and
information, including login credentials and credit card numbers. It occurs when an
attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant
message or text message. The recipient is then tricked into clicking a malicious link,
which can lead to the installation of malware, the freezing of the system as part of
a ransomware attack or the revealing of sensitive information.
This type of attack can lead to various losses for the individual or organization, which
include unauthorized purchases, stealing of funds, or identity theft, i.e. using others'
identity to commit cyber-crimes. There are various types of phishing attacks, which include:

• Spear phishing
• Whaling
• Vishing
• Email phishing, etc.
Preventive measures must be taken to ensure safety from such attacks, i.e.:
• Mark as spam
• Delete spam emails
• Keep email address private
• Use a third-party spam filter
• Unsubscribe from email lists

d) MPLS
MPLS stands for Multi-Protocol Label Switching. It is the protocol that increases the
speed and controls the flow of network traffic. With MPLS, data is directed through a
path via labels instead of requiring complex lookups in a routing table at every stop.
When data enters a traditional IP network, it moves among network nodes based on long
network addresses. With this method, each router on which a data packet lands must
make its own decision, based on routing tables, about the packet’s next stop on the
network. MPLS, on the other hand, assigns a label to each packet to send it along a
predetermined path.
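
The contrast described above, as an added example that is not part of the original document: hop-by-hop IP forwarding does a routing-table lookup at every router, while MPLS classifies the packet once at the ingress and then follows labels. The routers, prefixes and label values are constructed; swapping the label at each hop is how MPLS label-switched paths normally work and goes slightly beyond the text.

```python
import ipaddress

# Constructed four-router path R1 -> R2 -> R3 -> R4; names, prefixes and labels are made up.
ROUTES = {  # per-router IP routing table: prefix -> next hop
    "R1": {"0.0.0.0/0": "R2", "10.20.0.0/16": "R2"},
    "R2": {"0.0.0.0/0": "R1", "10.0.0.0/8": "R3", "10.20.0.0/16": "R3"},
    "R3": {"0.0.0.0/0": "R2", "10.20.0.0/16": "R4", "10.20.30.0/24": "R4"},
    "R4": {"10.20.30.0/24": "deliver"},
}
INGRESS = {"R1": {"10.20.0.0/16": (100, "R2")}}  # prefix -> (label to push, next hop)
LFIB = {  # per-router label table: incoming label -> (outgoing label, next hop)
    "R2": {100: (200, "R3")},
    "R3": {200: (300, "R4")},
    "R4": {300: (None, "deliver")},  # egress router pops the label
}


def longest_prefix_match(table, dst):
    """Pick the most specific prefix containing dst, as an IP router does at every hop."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(prefix) for prefix in table]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return table[str(best)]


def ip_path(dst, router="R1"):
    """Hop-by-hop IP forwarding: one routing-table lookup per router."""
    hops = []
    while router != "deliver":
        hops.append(router)
        router = longest_prefix_match(ROUTES[router], dst)
    return hops


def mpls_path(dst, router="R1"):
    """MPLS: classify once at the ingress, then exact-match label lookups along the path."""
    label, nxt = longest_prefix_match(INGRESS[router], dst)
    trace = [(router, None, label)]  # (router, incoming label, outgoing label)
    while nxt != "deliver":
        router = nxt
        out_label, nxt = LFIB[router][label]
        trace.append((router, label, out_label))
        label = out_label
    return trace


if __name__ == "__main__":
    print(ip_path("10.20.30.40"))
    print(mpls_path("10.20.30.40"))
```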

Long Questions

2. Define Security Testing. What are its types? Explain each.

Security Testing is a type of Software Testing that uncovers vulnerabilities, threats, and risks in a
software application and prevents malicious attacks from intruders. The purpose of Security
Tests is to identify all possible loopholes and weaknesses of the software system which might
result in a loss of information, revenue, or repute at the hands of the employees or outsiders of the
Organization. Following are the types of security testing:

a) Vulnerability Scanning:
It involves detection of system vulnerabilities through automated software. This
automated software scans the web apps from the outside to detect cross-site
scripting, SQL injections, command injections, insecure server connections, etc. The
drawback of vulnerability scanning is that it can accidentally cause a system crash
if mistaken for an invasive activity.
b) Security Scanning:
Security scanning aims to assess the general security level of the system by
detecting weak points and loopholes. The more intricate the system or network is,
the more complicated the security scan has to be. It can be done as a one-time
check, but most software development companies prefer performing security
scanning on a regular basis.
c) Penetration Testing:
An imitation attack is done in the system to check for exploitable vulnerabilities. The
two most common forms of penetration testing are application penetration testing
that aims to detect technical vulnerabilities and infrastructure penetration testing
which examines servers, firewalls, and other hardware.

d) Risk assessment:
The analysis of security risks observed in the organization is done here. Risks are
classified as Low, Medium and High. It helps to provide measures in order to
reduce the risks. It also focuses on preventing security defects and vulnerabilities.
A comprehensive security assessment allows organizations to create risk profiles
for networks, servers, applications, etc., assess their criticality regarding business
operations, and apply mitigating controls based on assessment results.
e) Security auditing:
It’s a kind of internal inspection of applications and operating systems for
checking the security flaws. It is the process of testing and assessing the security of
the company’s information system. A security audit allows verifying the adequacy
of the implemented security strategy, uncovering extraneous software, and
confirming the company’s compliance with regulations.
f) Ethical hacking:
The term “ethical hacking” stands for the act of intruding into the system to detect
vulnerabilities before a malicious attacker could find and exploit them. Ethical
hackers may apply the same methods and tools used by their malicious
counterparts but with the permission of the authorized person – they are also
expected to report all the vulnerabilities found during the process to the
management.
g) Posture assessment:
This combines security scanning, ethical hacking and risk assessments to represent
overall security of the organization.

3. What is NAT? Explain the working of Static NAT.

NAT stands for Network Address Translation. It can simply be seen as a way to map multiple
LANs to a public one before transferring the information. Organizations that want multiple
devices to employ a single IP address use NAT, as do most home routers.

Network Address Translation (NAT) is a process in which one or more local IP addresses are
translated into one or more global IP addresses and vice versa in order to provide Internet access
to the local hosts. It also translates port numbers, i.e. it masks the port number of
the host with another port number in the packet that will be routed to the destination. It then
makes the corresponding entries of IP address and port number in the NAT table. NAT
generally operates on a router or firewall.
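
The address and port translation described above, as an added example that is not part of the original document. The class name, port range and addresses (documentation ranges) are constructed, and the table is simplified: it keys only on the local address and port.

```python
import itertools


class NatTable:
    """Toy port-translating NAT: one public address shared by many local hosts.

    Simplified for illustration: real devices also track the protocol and the
    remote endpoint, and expire idle entries.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.out = {}   # (local_ip, local_port) -> public_port
        self.back = {}  # public_port -> (local_ip, local_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN, adding a table entry if needed."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply; None means no entry, so the packet is dropped."""
        if dst_ip != self.public_ip or dst_port not in self.back:
            return None
        local_ip, local_port = self.back[dst_port]
        return (src_ip, src_port, local_ip, local_port)


def demo():
    """Two local hosts using the same source port share one public address."""
    nat = NatTable("203.0.113.5")
    a = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    b = nat.outbound("192.168.1.11", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, "203.0.113.5", b[1])
    unsolicited = nat.inbound("198.51.100.7", 443, "203.0.113.5", 40002)
    return a, b, reply, unsolicited


if __name__ == "__main__":
    for result in demo():
        print(result)
```

An inbound packet that matches no table entry has nowhere to go, which is why hosts behind this kind of NAT are not directly reachable from outside unless a mapping already exists.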
